Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| langflow-ai | langflow | 0 ~ 1.3.0 | - |
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | A vulnerability scanner for CVE-2025-3248 in Langflow applications. 用于扫描 Langflow 应用中 CVE-2025-3248 漏洞的工具。 | https://github.com/xuemian168/CVE-2025-3248 | POC Details |
| 2 | POC of CVE-2025-3248, RCE of LangFlow | https://github.com/PuddinCat/CVE-2025-3248-POC | POC Details |
| 3 | Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint.A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-3248.yaml | POC Details |
| 4 | None | https://github.com/verylazytech/CVE-2025-3248 | POC Details |
| 5 | https://github.com/vulhub/vulhub/blob/master/langflow/CVE-2025-3248/README.md | POC Details | |
| 6 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%BA%BA%E5%B7%A5%E6%99%BA%E8%83%BD%E6%BC%8F%E6%B4%9E/Langflow%20code%20API%20%E6%9C%AA%E6%8E%88%E6%9D%83%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2025-3248.md | POC Details |
| 7 | Scanner and exploit for CVE-2025-3248 | https://github.com/Praison001/CVE-2025-3248 | POC Details |
| 8 | CVE-2025-3248: A critical flaw has been discovered in Langflow that allows malicious actors to execute arbitrary Python code on the target system. This can lead to full remote code execution without authentication, potentially giving attackers control over the server. | https://github.com/vigilante-1337/CVE-2025-3248 | POC Details |
| 9 | Perform Remote Code Execution using vulnerable API endpoint. | https://github.com/Vip3rLi0n/CVE-2025-3248 | POC Details |
| 10 | This Python script exploits CVE-2025-3248 to execute arbitrary commands or spawn a reverse shell on a vulnerable system. Authentication is required to use this exploit. | https://github.com/tiemio/RCE-CVE-2025-3248 | POC Details |
| 11 | CVE-2025-3248 Langflow RCE Exploit | https://github.com/ynsmroztas/CVE-2025-3248-Langflow-RCE | POC Details |
| 12 | None | https://github.com/imbas007/CVE-2025-3248 | POC Details |
| 13 | Exploit for Langflow AI Remote Code Execution (Unauthenticated) | https://github.com/0xgh057r3c0n/CVE-2025-3248 | POC Details |
| 14 | CVE-2025-3248 — Langflow RCE Exploit | https://github.com/zapstiko/CVE-2025-3248 | POC Details |
| 15 | CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage | https://github.com/B1ack4sh/Blackash-CVE-2025-3248 | POC Details |
| 16 | Powerful unauthenticated RCE scanner for CVE-2025-3248 affecting Langflow < 1.3.0 | https://github.com/issamjr/CVE-2025-3248-Scanner | POC Details |
| 17 | Remote Code Execution Exploit for Langflow (CVE-2025-3248) - [ By S4Tech ] | https://github.com/0-d3y/langflow-rce-exploit | POC Details |
| 18 | CVE-2025-3248 | https://github.com/dennisec/CVE-2025-3248 | POC Details |
| 19 | Mass-CVE-2025-3248 | https://github.com/dennisec/Mass-CVE-2025-3248 | POC Details |
| 20 | Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. | https://github.com/ill-deed/Langflow-CVE-2025-3248-Multi-target | POC Details |
| 21 | None | https://github.com/r0otk3r/CVE-2025-3248 | POC Details |
| 22 | CVE-2025-3248 | https://github.com/min8282/CVE-2025-3248 | POC Details |
| 23 | Langflow Remote Code Execution | https://github.com/EQSTLab/CVE-2025-3248 | POC Details |
| 24 | PoC for achieving RCE in Langflow versions <1.3.0 | https://github.com/wand3rlust/CVE-2025-3248 | POC Details |
| 25 | None | https://github.com/Kiraly07/Demo_CVE-2025-3248 | POC Details |
| 26 | Exploit for Langflow AI Remote Code Execution (Unauthenticated) | https://github.com/zr1p3r/CVE-2025-3248 | POC Details |
| 27 | Langflow 在对用户提交的“验证代码”做 AST 解析和编译时,在未做鉴权与沙箱限制的情况下调用了 Python 的 compile()/exec()(以及在编译阶段会评估函数默认参数与装饰器),攻击者可把恶意载荷放在参数默认值或装饰器里,借此在服务器上下文中执行任意语句(反弹 shell、下载器、横向移动等) | https://github.com/bambooqj/cve-2025-3248 | POC Details |
| 28 | A comprehensive Python exploitation framework for testing and demonstrating CVE-2025-3248, a critical unauthenticated remote code execution vulnerability in Langflow versions ≤ 1.3.0. | https://github.com/drackyjr/cve-2025-3248-exploit | POC Details |
| 29 | CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage | https://github.com/Ashwesker/Blackash-CVE-2025-3248 | POC Details |
| 30 | None | https://github.com/b0ySie7e/CVE-2025-3248-POC | POC Details |
| 31 | CVE-2025-3248 – Unauthenticated Remote Code Execution in Langflow via Insecure Python exec Usage | https://github.com/Ashwesker/Ashwesker-CVE-2025-3248 | POC Details |
No public POC found.
Login to generate AI POCZaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.